001 /* ===========================================================
002 * JFreeChart : a free chart library for the Java(tm) platform
003 * ===========================================================
004 *
005 * (C) Copyright 2000-2008, by Object Refinery Limited and Contributors.
006 *
007 * Project Info: http://www.jfree.org/jfreechart/index.html
008 *
009 * This library is free software; you can redistribute it and/or modify it
010 * under the terms of the GNU Lesser General Public License as published by
011 * the Free Software Foundation; either version 2.1 of the License, or
012 * (at your option) any later version.
013 *
014 * This library is distributed in the hope that it will be useful, but
015 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
016 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
017 * License for more details.
018 *
019 * You should have received a copy of the GNU Lesser General Public
020 * License along with this library; if not, write to the Free Software
021 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
022 * USA.
023 *
024 * [Java is a trademark or registered trademark of Sun Microsystems, Inc.
025 * in the United States and other countries.]
026 *
027 * -----------------
028 * DisplayChart.java
029 * -----------------
030 * (C) Copyright 2002-2008, by Richard Atkinson and Contributors.
031 *
032 * Original Author: Richard Atkinson;
033 * Contributor(s): David Gilbert (for Object Refinery Limited);
034 *
035 * Changes
036 * -------
037 * 19-Aug-2002 : Version 1;
038 * 09-Mar-2005 : Added facility to serve up "one time" charts - see
039 * ServletUtilities.java (DG);
040 * ------------- JFREECHART 1.0.x ---------------------------------------------
041 * 02-Feb-2007 : Removed author tags all over JFreeChart sources (DG);
042 *
043 */
044
045 package org.jfree.chart.servlet;
046
047 import java.io.File;
048 import java.io.IOException;
049
050 import javax.servlet.ServletException;
051 import javax.servlet.http.HttpServlet;
052 import javax.servlet.http.HttpServletRequest;
053 import javax.servlet.http.HttpServletResponse;
054 import javax.servlet.http.HttpSession;
055
056 /**
057 * Servlet used for streaming charts to the client browser from the temporary
058 * directory. You need to add this servlet and mapping to your deployment
059 * descriptor (web.xml) in order to get it to work. The syntax is as follows:
060 * <xmp>
061 * <servlet>
062 * <servlet-name>DisplayChart</servlet-name>
063 * <servlet-class>org.jfree.chart.servlet.DisplayChart</servlet-class>
064 * </servlet>
065 * <servlet-mapping>
066 * <servlet-name>DisplayChart</servlet-name>
067 * <url-pattern>/servlet/DisplayChart</url-pattern>
068 * </servlet-mapping>
069 * </xmp>
070 */
071 public class DisplayChart extends HttpServlet {
072
073 /**
074 * Default constructor.
075 */
076 public DisplayChart() {
077 super();
078 }
079
080 /**
081 * Init method.
082 *
083 * @throws ServletException never.
084 */
085 public void init() throws ServletException {
086 return;
087 }
088
089 /**
090 * Service method.
091 *
092 * @param request the request.
093 * @param response the response.
094 *
095 * @throws ServletException ??.
096 * @throws IOException ??.
097 */
098 public void service(HttpServletRequest request,
099 HttpServletResponse response)
100 throws ServletException, IOException {
101
102 HttpSession session = request.getSession();
103 String filename = request.getParameter("filename");
104
105 if (filename == null) {
106 throw new ServletException("Parameter 'filename' must be supplied");
107 }
108
109 // Replace ".." with ""
110 // This is to prevent access to the rest of the file system
111 filename = ServletUtilities.searchReplace(filename, "..", "");
112
113 // Check the file exists
114 File file = new File(System.getProperty("java.io.tmpdir"), filename);
115 if (!file.exists()) {
116 throw new ServletException("File '" + file.getAbsolutePath()
117 + "' does not exist");
118 }
119
120 // Check that the graph being served was created by the current user
121 // or that it begins with "public"
122 boolean isChartInUserList = false;
123 ChartDeleter chartDeleter = (ChartDeleter) session.getAttribute(
124 "JFreeChart_Deleter");
125 if (chartDeleter != null) {
126 isChartInUserList = chartDeleter.isChartAvailable(filename);
127 }
128
129 boolean isChartPublic = false;
130 if (filename.length() >= 6) {
131 if (filename.substring(0, 6).equals("public")) {
132 isChartPublic = true;
133 }
134 }
135
136 boolean isOneTimeChart = false;
137 if (filename.startsWith(ServletUtilities.getTempOneTimeFilePrefix())) {
138 isOneTimeChart = true;
139 }
140
141 if (isChartInUserList || isChartPublic || isOneTimeChart) {
142 // Serve it up
143 ServletUtilities.sendTempFile(file, response);
144 if (isOneTimeChart) {
145 file.delete();
146 }
147 }
148 else {
149 throw new ServletException("Chart image not found");
150 }
151 return;
152 }
153
154 }